How to log real user’s IP address with Nginx in log files
My nginx server is behind a reverse proxy load balancer. How can I show the correct client IP address in nginx log files when nginx is behind a load balancer?
If you are using nginx behind reverse proxies, load balancer and HTTPS front-end such as HAProxy/Pound, you may find hard to log or get the real IP address.
How to log the real user’s IP instead of the proxy server?
You need use the ngx_http_realip_module module. It is used to change the client address and optional port to the one sent in the specified header fields. Edit your nginx.conf or default.conf file: $ sudo vi /etc/nginx/conf.d/default.conf And set the following two directives:
set_real_ip_from 192.168.1.4; Set trusted addresses that are known to send correct replacement addresses. 192.168.1.4 is my load balancer or reverse proxy server.
real_ip_header X-Forwarded-For; You need to define the request header field whose value will be used to replace the client address. The X-Real-IP and X-Forwarded-For parameters contain client’s real IP address. This header is usually set in your load balancer or client IP address.
The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.